We've had an issue in PROD at DET - essentially as part of a new deployment, EVB configuration from DEV was deployed, the service started and then left for a period with the scheduler in a paused/stopped state. The credentials for the agents were not updated at that time.
In this case, the credentials on a bunch of the AD agents used the same account names as in DEV but (obviously) different passwords. Also DET has an across the board policy on service accounts including lockouts.
As such, after running in this state for a while, we discovered that the AD service accounts in-use had become locked out/disabled. Unfortunately for us, one of those accounts was also shared by the VIS service which ended in a number of outages :(
What we're asking however, is this expected behavior of the Agent? What is the polling interval between credential checks? And should this be reviewed (perhaps something like if the last 1-2 checks failed, don't poll again until the agent is updated) or should polling be performed at all?
Customer support service by UserEcho